In this guide, we will learn about SSL/TLS, how it works, and a very easy way to add an SSL/TLS certificate to your website.
What is SSL/TLS?
Secure Sockets Layer (SSL) is a standard security technology for establishing an encrypted link between a server and a client. The latest version of SSL is now called Transport Layer Security (TLS). SSL allows sensitive information such as credit card numbers, social security numbers, and login credentials to be transmitted securely.
An SSL certificate is issued by a third party, and it verifies the identity of the web server and its public key.
How is SSL/TLS used for encryption?
Suppose I am connecting to https://blog.milanmahat.com.np. The following things happen to make sure that I am connecting to the original blog.milanmahat.com.np and that my connection is encrypted:
- First, my browser requests a secure page (HTTPS) from the web server of blog.milanmahat.com.np.
- The web server sends its public key (the public half of an asymmetric key pair) and its SSL certificate, which is digitally signed by a Certificate Authority (CA, also called the third party).
- My browser already ships with the certificates of many major CAs, so it can check the CA's signature and verify whether the SSL certificate is valid or not.
- Then my browser creates a symmetric key (AES), encrypts it using the public key provided by the web server, and transfers the encrypted symmetric key to the web server. The web server decrypts it using its private key (the private half of the same asymmetric key pair).
- Now both my browser and the web server have the same symmetric key, and all traffic between my browser and cloudtech web server is secured using the symmetric key.
- Here, the main role of the asymmetric key is to encrypt the symmetric key so that it can be sent to the web server securely.
Hence, SSL plays an important role in validating the legitimacy of a website, web apps, web mail, etc.
Providing SSL certificate to a website
STEP 1: Installing certbot
I am going to assume that you have nginx as a webserver and your website is already configured. You can check my previous guide for configuring your website.
Now let's start by installing certbot with this command:
sudo snap install --classic certbot
Next, create a symbolic link to the newly installed /snap/bin/certbot executable from /usr/bin/certbot. This will ensure that the certbot command can run on your server from the terminal.
To do this, run the following ln command. It contains the -s flag, which creates a symbolic link (a shortcut file):
sudo ln -s /snap/bin/certbot /usr/bin/certbot
Certbot needs to be able to find the correct server block in your Nginx configuration for it to be able to automatically configure SSL.
It does this by searching for a server_name directive that matches the domain you request a certificate for, i.e. blog.milanmahat.com.np in my case. I discussed this in my previous guide.
Now allow HTTPS port.
STEP 2: Allowing HTTPS port
Make sure that you have allowed the HTTPS port (443) in your firewall. I discussed this in my previous guide.
STEP 3: Obtaining SSL certificate
Now it's time to get an SSL certificate. It is very easy to get a free SSL certificate for your website using certbot.
Run the command given below:
sudo certbot --nginx -d blog.milanmahat.com.np
Replace blog.milanmahat.com.np with your own website address.
Also, if you are using Apache, run the certbot command with --apache instead of --nginx.
That's it! You now have your certificate file and key, and certbot has automatically configured your website to use HTTPS instead of HTTP.
You can check your config file to view the changes that were made by certbot.
We can see that our server block now contains a listen 443 ssl line along with the locations of the certificate, the key and a new config file for SSL. A new rule has also been added that redirects blog.milanmahat.com.np to https://blog.milanmahat.com.np. These configurations are all automatically generated by certbot.
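The changes described above can be checked mechanically. The following shell functions are an added example, not part of the original guide or of certbot; they grep a site file for the listen 443 ssl line, the certificate and key paths, the SSL options include and the HTTPS redirect. The sample config, the example.test domain and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): audit an Nginx site file for
# the items the guide says certbot adds. Function names are hypothetical.

# Constructed sample; example.test and the /etc/letsencrypt paths are assumed.
write_sample_conf() {
cat > "$1" <<'EOF'
server {
    server_name example.test;
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/example.test/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.test/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
}
server {
    if ($host = example.test) {
        return 301 https://$host$request_uri;
    }
    listen 80;
    server_name example.test;
    return 404;
}
EOF
}

# need FILE DESCRIPTION REGEX: print a MISSING line if no line matches REGEX.
need() {
    grep -Eq -- "$3" "$1" && return 0
    echo "MISSING: $2"
    return 1
}

# audit_conf FILE DOMAIN: returns 0 only if every expected item is present.
audit_conf() {
    ac_dom=$(printf '%s' "$2" | sed 's/\./\\./g')   # escape dots for the regex
    ac_rc=0
    need "$1" "server_name $2" "^[[:space:]]*server_name[[:space:]]([^;]*[[:space:]])?${ac_dom}[[:space:];]" || ac_rc=1
    need "$1" "listen 443 ssl" "^[[:space:]]*listen[[:space:]]+([^;[:space:]]*:)?443[[:space:]]+ssl" || ac_rc=1
    need "$1" "ssl_certificate" "^[[:space:]]*ssl_certificate[[:space:]]+[^;]+;" || ac_rc=1
    need "$1" "ssl_certificate_key" "^[[:space:]]*ssl_certificate_key[[:space:]]+[^;]+;" || ac_rc=1
    need "$1" "include of SSL options file" "^[[:space:]]*include[[:space:]]+[^;]*ssl[^;]*;" || ac_rc=1
    need "$1" "HTTP to HTTPS redirect" "return[[:space:]]+301[[:space:]]+https://" || ac_rc=1
    return $ac_rc
}

# Usage after sourcing this file: audit_conf <site-config-file> <domain>
```

A non-zero exit status together with the MISSING lines shows which part of the HTTPS setup is absent from the file, for example after a manual edit removed the redirect.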
THAT’S IT !!! VERY EASY RIGHT?
This is how we can easily secure our website using certbot. However, I wouldn't recommend this method if you own a website that deals with very critical and important stuff. In my upcoming blog, I will guide you on how to manually configure an SSL certificate for your website.